NovaBACKUP Security Blog

Data retention: When should you back up, archive or delete?

While some businesses are already using data to foretell the future, others are still trying to figure out the basics of data management. As they grow, small and medium-sized businesses in particular will start finding that they are generating more data than they know what to do with. While some of this data is essential, much of it is static and some of it is non-essential to the business's ongoing operation. Essential data varies based on the specific industry, making it a challenge for organizations to specify in their schedule - when to back up, when to archive, and when retention schedules should remove data outright.



When it comes to data, law firms, medical institutions, small credit unions, and other SMBs might need safe storage of mission-critical documents in addition to a secondary failsafe. Any data that is integral for a business to continue functioning on a day-to-day basis is considered vital – so in other words, the loss of this data would definitively result in lost revenue, productivity setbacks, or a bad company reputation. In addition to its undeniable importance, this data is not easily replaced by its nature.

Picture, for example, what would happen if a small film editing studio lost all the footage supplied by a business client because of a flood. Or, what if a law firm failed to back up key digital evidence that could make or break a case? Any information such as this must be backed up securely and in such a way that it cannot be lost. As for how often to back up this data, recommended backing up your most essential data at least once a day, and that other important records be migrated to remote storage on a fairly regular basis, perhaps once a week. There is some wiggle room, and data retention policies will vary between businesses. What matters most is that the policy protects essential data.

Data-retention-3Temporary archiving of certain records is required by law.


Not all data is necessarily vital in the here and now, but it must be kept for a prolonged period for compliance reasons. For instance, TechTarget noted that the Health Insurance Portability and Accountability Act and the Payment Card Industry Data Security Standard have issued requirements for data retention of certain medical information and payment data. Other key information such as tax forms and certain legal documentation must also be archived. Wherever possible, it's best to automate the archival of information to reduce the risk of misplacing records.

Ultimately, anything that is static and unused but may still have relevance up to a certain point in time should be archived. The goal here is to keep it out of sight and out of mind until it is needed.


Once the data has stretched beyond data retention requirements, it's time for it to be deleted. This might be because it has been archived for the amount of time required by law, or because it has been stored indefinitely, but has not been looked at for months or years. The newest data privacy regulations may actually require that this information be purged when it is no longer necessary.

"Resist the urge to hoard."

TechTarget contributor Brian Posey noted that every business needs a data deletion policy to supplement its data retention policy. This helps businesses determine when to purge, how often to purge, and what to purge. Regular, secure deletion of data is vital because it frees up space for new data. Again, the ability to automate this process wherever possible can save staff a lot of time, and make sure that space is being used at maximum efficiency. Resist the urge to hoard.

In summary, back up what the business can't live without, then archive that which is rarely used but may be called upon for compliance reasons, and delete everything that is needlessly hogging space. Our team of backup experts can work with you to determine a backup policy that protects your business while also maximizing data storage. Request a call with one of our team members today!